Optional: Install a new MIT KDC

The following gives a very high-level description of the KDC installation process.

For more information, see the documentation for your operating system, such as the
RHEL, CentOS, or SLES documentation (links below).

Install the KDC Server:

Install a new version of the KDC server:

| OS Flavor | Enter |
|---|---|
| RHEL/CentOS/Oracle Linux | yum install krb5-server krb5-libs krb5-workstation |
| SLES | zypper install krb5 krb5-server krb5-client |
| Ubuntu/Debian | apt-get install krb5-kdc krb5-admin-server |

Using a text editor, open the KDC server configuration file, located by
default at /etc/krb5.conf:

vi /etc/krb5.conf

Change the [realms] section of this file by replacing the default
“kerberos.example.com” setting for the kdc and admin_server properties with the
Fully Qualified Domain Name of the KDC server host. In the following example,
“kerberos.example.com” has been replaced with “my.kdc.server”.

Kerberos principals can be created either on the KDC machine itself or over the
network, using an “admin” principal. The following instructions assume you are
working on the KDC machine and using the kadmin.local command-line
administration utility. Using kadmin.local on the KDC machine allows
you to create principals without needing to create a separate "admin" principal
before you start.

Confirm that this admin principal has permissions in the KDC ACL. Using a
text editor, open the KDC ACL file:

| OS Flavor | Enter |
|---|---|
| RHEL/CentOS/Oracle Linux | vi /var/kerberos/krb5kdc/kadm5.acl |
| SLES | vi /var/lib/kerberos/krb5kdc/kadm5.acl |
| Ubuntu/Debian | vi /etc/krb5kdc/kadm5.acl |

Ensure that the KDC ACL file includes an entry that allows the admin
principal to administer the KDC for your specific realm. When using a realm
other than EXAMPLE.COM, be sure there is an entry for the realm
you are using. If it is not present, principal creation will fail. For
example, for an admin/admin@HADOOP.COM principal, you should have an entry:

*/admin@HADOOP.COM *
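One way to check the ACL before creating principals, as an added example that is not part of the original guide: the hypothetical helper acl_can_add reads a kadm5.acl file and reports whether a principal is granted the add privilege. It assumes fully qualified entries, lets the first matching line decide, treats a component that is exactly * as a wildcard, and ignores target-principal and restriction columns; the ACL contents are constructed samples.

```shell
#!/bin/sh
# Added example: does a kadm5.acl grant PRINCIPAL the "add" privilege?
# Assumptions: entries are fully qualified (name@REALM); the first matching
# line decides; a component that is exactly "*" matches any one component;
# target-principal and restriction columns are ignored.

acl_can_add() {  # usage: acl_can_add PRINCIPAL ACL_FILE (exit 0 = allowed)
    awk -v who="$1" '
    function pmatch(pat, p,    a, b, x, y, n, i) {
        if (split(pat, a, "@") != 2 || split(p, b, "@") != 2) return 0
        if (a[2] != "*" && a[2] != b[2]) return 0        # realm must agree
        n = split(a[1], x, "/")
        if (n != split(b[1], y, "/")) return 0           # same component count
        for (i = 1; i <= n; i++)
            if (x[i] != "*" && x[i] != y[i]) return 0
        return 1
    }
    NF < 2 || $1 ~ /^#/ { next }                         # blank or comment
    pmatch($1, who) {
        # a = add, x or * = all privileges; uppercase A denies add
        ok = ($2 ~ /[ax*]/ && $2 !~ /A/); found = 1; exit
    }
    END { exit !(found && ok) }
    ' "$2"
}

# Constructed sample: an ACL that only has an EXAMPLE.COM entry, checked
# against an admin principal in EXAMPLE.COM and one in HADOOP.COM.
acl=$(mktemp)
printf '%s\n' '# constructed sample ACL' '*/admin@EXAMPLE.COM *' > "$acl"
for p in admin/admin@EXAMPLE.COM admin/admin@HADOOP.COM; do
    if acl_can_add "$p" "$acl"; then
        echo "$p: allowed to create principals"
    else
        echo "$p: no usable ACL entry, principal creation will fail"
    fi
done
rm -f "$acl"
```

Point the function at the kadm5.acl path for your OS flavor to run the same check against the real file.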

After editing and saving the kadm5.acl file, you must restart the kadmin
process: